BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
‘WallEscape’ Linux Vulnerability Leaks User Passwords
/in General NewsA vulnerability in util-linux, a core utilities package in Linux systems, allows attackers to leak user passwords and modify the clipboard.
The post ‘WallEscape’ Linux Vulnerability Leaks User Passwords appeared first on SecurityWeek.
SecurityWeek – Read More
‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities
/in General NewsNCC Group researchers warn that the Android banking malware ‘Vultur’ has been updated with device interaction and file tampering capabilities.
The post ‘Vultur’ Android Malware Gets Extensive Device Interaction Capabilities appeared first on SecurityWeek.
SecurityWeek – Read More
AT&T resets passcodes for 7.6 million customers following dark web data leak
/in General NewsThe hacked data seems to be from 2019 or earlier and could include customer names, email addresses, phone numbers, social security numbers, passcodes, and more.
Latest stories for ZDNET in Security – Read More
India Repatriates Citizens Duped Into Forced Cyber Fraud Labor in Cambodia
/in General NewsSo far some 250 citizens have been rescued and returned to India after being lured to Cambodia in an phony employment scheme.
darkreading – Read More
Indian Government Rescues 250 Citizens Forced into Cybercrime in Cambodia
/in General NewsThe Indian government said it has rescued and repatriated about 250 citizens in Cambodia who were held captive and coerced into running cyber scams.
The Indian nationals “were lured with employment opportunities to that country but were forced to undertake illegal cyber work,” the Ministry of External Affairs (MEA) said in a statement, adding it had rescued 75 people in the past three
The Hacker News – Read More
AI Hallucinated Packages Fool Unsuspecting Developers
/in General NewsSoftware developers relying on AI chatbots for building applications may end up using hallucinated software packages.
The post AI Hallucinated Packages Fool Unsuspecting Developers appeared first on SecurityWeek.
SecurityWeek – Read More
Collaboration Needed to Fight Ransomware
/in General NewsA global proactive and collaborative approach to cybersecurity, not just in public/private partnerships, is key to fighting back against increasingly professional ransomware gangs.
darkreading – Read More
Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor
/in General NewsUrgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions.
The post Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor appeared first on SecurityWeek.
SecurityWeek – Read More
DinodasRAT Malware Targets Linux Servers in Espionage Campaign
/in General NewsWhen executed, the Linux variant of DinodasRAT creates a hidden file in the directory where its binary resides, which acts as a mutex to prevent multiple instances from running on the infected device.
Cyware News – Latest Cyber News – Read More
OMB Issues First Governmentwide AI Risk Mitigation Rules
/in General NewsU.S. federal agencies have until December to implement a series of safeguards that aim to ensure the government is responsibly using artificial intelligence, the White House ordered Thursday.
Cyware News – Latest Cyber News – Read More